On Thursday June 17th, 2010,
Charles Milo gave an excellent presentation of the
"Intel Server Processor Roadmap"
Charles Milo is an Enterprise Technical Specialist with Intel Americas.
To access more Intel tech info, enroll as an IPIP (Intel Premier IT Professional) at
He has been at Intel 12 years and is a member of Intel Americas Senior Staff.
Unigroup IPIP Priority Code: 1117
I was intrigued by the new instructions for AES. This is what I found using IPIP
- Federal Information Processing Standards Publication 197
November 26, 2001
Announcing the ADVANCED ENCRYPTION STANDARD (AES)
Advanced Encryption Standard New Instructions (AES-NI)
AES-NI is a set of instructions that consolidates mathematical operations
used in the Advanced Encryption Standard (AES) algorithm.
of particular interest is the sample code:
Enabling AES-NI requires a computer system with an AES-NI-enabled processor
as well as non-Intel software to execute the instructions in the correct sequence.
AES-NI is available on Intel Core i5-600 Desktop Processor Series,
Intel Core i7-600 Mobile Processor Series,
and Intel Core i5-500 Mobile Processor Series.
For more information, see
With AES-NI, six new Single Instruction Multiple Data (SIMD) instructions
are introduced on the processor.
Four instructions are provided for data encryption and decryption.
These instructions have register-register and register-memory variants.
Two other instructions are provided to assist with AES key expansion.
- AESENC: AES Encrypt Round
- AESENCLAST: AES Encrypt Last Round
- AESDEC: AES Decrypt Round
- AESDECLAST: AES Decrypt Last Round.
- AESIMC: AES Inverse Mix Columns
- AESKEYGENASSIST: AES Key Generation Assist
Figure 20. AES-128 Key Expansion
Figure 16. AES-128 Encryption, featuring AESENC and pre-expanded key schedule
Figure 17. Using AESIMC for AES-192 Decryption, featuring AESDEC and pre-expanded key schedule
Figure 27. AES-128 Parallel Modes of Operation (a clever optimization)
But the examples don't show
or how to get high enthropy random numbers for ephemeral keys.
Many thanks to Izaac Falken for clarifying the Intel architecture:
- the new
Intel AES instuctions
run on the co-processor:
the latest enhancement in the Intel line of:
- so they use the 16: 128 bit co-processor registers,
not the main core registers
- The register name "xmm" is mmx backwards
- FXSAVE and FXRSTOR instructions
loads or stores ALL 16 of the co-processor
registers, thus the preference of expanding the key into registers
for all the round and saving all the registers.
No need to recalculate the round keys, just re-load all the key registers.
They're read or written directly to RAM, bypassing the cache (for security: no snooping).
Intel IT Healthcare Professionals: Wireless technologies
Intel IT Healthcare Professionals:
Intel and Cisco WLAN Deployment Guide for Healthcare
Mobile technologies have demonstrated maturity in large enterprises,
empowering workers and boosting productivity
by greatly increasing access to tools and information.
Intel and Cisco WLAN Deployment Guide for Healthcare.pdf
Adoption of mobile technologies continues to increase,
with wireless networks becoming nearly ubiquitous in Fortune 5001 campus environments.
Many forward-looking healthcare provider organizations are deploying
mobile solutions to help improve quality of care,
patient satisfaction, staff efficiency, and clinical outcomes.
These include mobile point-of-care (MPOC) solutions
that combine mobile devices, mobilized applications,
and wireless infrastructure to support delivery of healthcare to the patient.
As populations continue to age,
wireless technologies are expected to facilitate more home-based monitoring and long-term care.
Delivering Mobile Point of Care with Pervasive Wireless Networks
Several hospital case studies.
The Cisco Intel Alliance
is the vehicle for both companies
to collaborate in specific technology areas for the benefit of their mutual customers.
Next Generation Desktop.pdf
Implementing New Hardware-Based
Information Security Capabilities
The U.S. Department of Defense (DoD) Defense Intelligence Agency (DIA) is in the first year of a
multi-year program to deploy and use Intel vPro technology to support Multi-Level Security
(MLS) capabilities on end-user PC desktops enabled with Intel vPro technology and Intel Graphics.
Going forward, DIA looks to build on this effort by implementing a Type 1, bare-metal
hypervisor client virtualization solution using Citrix XenClient.
NGD: Leveraging the Investment in Intel vPro Technology
In September 2009, DIA acquired new thick client desktops with the Intel vPro technology stack.
The desktops are scheduled to replace existing legacy single-domain machines
as well as serve as the basis for the Next Generation Desktop solution end point.
DIA expects the Next Generation Desktop effort to produce a solution
that fully leverages the security and management attributes of
Intel vPro technology-enabled PCs,
to include Intel Trusted Execution Technology (Intel TXT),
Intel Virtualization Technology2 for Directed I/O (Intel VT-d),
Intel Active Management Technology3 (Intel AMT),
and remote management. The Next Generation Desktop solution shall
provide the enterprise with the ability to fully provision a
bare metal hypervisor onto the desktop, with central management of the
user's workload. The system will leverage not only the security enhancements
provided by the COTS platform utilizing Intel vPro technology,
but also the built-in capabilities of Intel Graphics.
Updates from the Intel Developer Forum:
Benefitting Enterprise Computing with New Technologies, Products and Acquisitions
Features of the 2nd Generation Intel Core processor
that should be of particular interest to IT include:
Intel to Ramp Intel vPro Technology Aggressively
- An enhanced version of Intel Turbo Boost Technology
that automatically shifts or reallocates processor cores
and processor graphics resources to accelerate performance,
tailoring a workload to give users an immediate performance boost when needed
- Enhanced KVM remote control built-in and available on more SKUs
- Hardware-level theft protection of PCs with Intel Anti-Theft Technology
that enforces data encryption software authentication even on resume from sleep,
and Intel AES New Instructions (Intel AES-NI) encryption acceleration instruction on more SKUs
- Easier activation and firmware version management
that allows activation in minutes with streamlined scripts
Intel CEO Paul Otellini highlighted how the next generation of the
Intel Core vPro processor family will help businesses protect their information
with more efficient encryption capabilities embedded into the hardware.
As an example, Otellini showed a three-person video conference demo
with 256-bit encryption on a live video stream using three
next-generation Intel Core vPro processor-based PCs and a server
(based on the next-generation Intel Xeon processor, formerly codenamed Romley)
with special encryption instructions and optimized video conferencing software by Vidyo
The server decrypted and encrypted all three video streams with virtually no time delay.
These new Intel processors will offer
expanded special instructions called Intel AES-NI
to enable a 10x improvement in encryption and decryption performance for more secure transactions.
Data Center Capabilities Also Advance
The new Westmere-EX will bring new capabilities enabled by
Intel's scalable architecture and 32 nm technology.
It increases the number of cores from eight to 10
which means you can have 20 threads running in parallel.
It increases the memory from the previous Intel Xeon processor 5500 series by 2X
to 32 gigabytes per DIMM which means a two-socket system
can now have up to two terabytes of memory.
It comes with the newest security technologies
like Intel AES-NI and Intel Trusted Execution Technology.
These machines will be available in the first half of 2011.